Try:

/sbin/iptables -L -nv -t filter
/sbin/iptables -L -nv -t nat
/sbin/iptables -L -nv -t mangle

to see everything.

Ramin

On Tue, Apr 30, 2002 at 09:23:00AM -0500, Bob Hillegas wrote:
> I am using RH 7.1, kernel 2.4.9-21 and iptables.1.2.4-0.71.2 from a RedHat
> rpm.
>
> When I run the following script and then produce a rules listing
> (/sbin/iptables --list -nv --line-numbers) I do NOT get any indication
> that the POSTROUTING chain has been built.
>
> What do I check next?
>
> Thanks, BobH
>
> #-----------<script>---------------------------------------------------------------
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
>
> # Enable IP forwarding between interfaces FIRST (sets defaults for others)
> # Needed for MASQUERADE'ing
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # Remove any existing rules from all chains
> iptables --flush
> iptables -t nat --flush
> iptables -t mangle --flush
>
> # Unlimited traffic on the loopback interface
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # Unlimited traffic on the local LAN interface
> iptables -A INPUT -i eth0 -j ACCEPT
> iptables -A OUTPUT -o eth0 -j ACCEPT
>
> # Set the default policy to drop
> iptables --policy INPUT DROP
> iptables --policy OUTPUT DROP
> iptables --policy FORWARD DROP
>
> iptables -t nat --policy PREROUTING ACCEPT
> iptables -t nat --policy POSTROUTING ACCEPT
>
> # Remove any pre-existing user-defined chains
> iptables --delete-chain
> iptables -t nat --delete-chain
> iptables -t mangle --delete-chain
>
> #...........................
> # More general rule
>
> iptables -t nat -A POSTROUTING -o ppp0 \
>          -j MASQUERADE
>
> # Disallow NEW & INVALID incoming or forwarded packets from ppp0
>
> iptables -A INPUT -i ppp0 \
>          -m state --state NEW,INVALID \
>          -j DROP
>
> iptables -A FORWARD -i ppp0 \
>          -m state --state NEW,INVALID \
>          -j DROP
>
> #-----------</script>------------------------------
>
> Output of /sbin/iptables --list -nv --line-numbers:
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
> 2        1    76 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
> 3        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
> 2        0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>
> --
> -------------------------------------------------
> Bob Hillegas
> <[EMAIL PROTECTED]>
> 281.546.9311
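
Added example (not part of the original thread, and not code from either poster): a listing without -t covers only the filter table, so rules in nat or mangle never appear in it. The sketch below reads iptables-save style output and reports which table holds a given chain and which rules sit outside filter. The function names chain_tables and rules_outside_filter are hypothetical, and SAMPLE_DUMP is constructed from the rules in the quoted script.

```shell
#!/bin/sh
# Added example: locate chains and rules per table in iptables-save output.
# Function names are hypothetical; SAMPLE_DUMP is constructed from the rules
# in the quoted script, not captured from a real host.

SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ppp0 -m state --state INVALID,NEW -j DROP
-A FORWARD -i ppp0 -m state --state INVALID,NEW -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT'

# chain_tables CHAIN: read a dump on stdin, print "table rule-count" for
# every table that declares CHAIN (the same chain name can exist in several).
chain_tables() {
    awk -v chain="$1" '
        /^\*/ { table = substr($1, 2); next }             # "*nat" opens a table
        $1 == (":" chain) { order[++n] = table; next }    # ":POSTROUTING ACCEPT [0:0]"
        $1 == "-A" && $2 == chain { rules[table]++ }      # rule appended to CHAIN
        END { for (i = 1; i <= n; i++) printf "%s %d\n", order[i], rules[order[i]] }
    '
}

# rules_outside_filter: print "table: rule" for every rule that a listing
# without -t (filter table only) does not display.
rules_outside_filter() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        $1 == "-A" && table != "filter" { print table ": " $0 }
    '
}

# On a live system (as root): iptables-save | rules_outside_filter
printf '%s\n' "$SAMPLE_DUMP" | chain_tables POSTROUTING
printf '%s\n' "$SAMPLE_DUMP" | rules_outside_filter
```
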
